Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3232203d3e203437353833.roa
File:                     3139352e3230302e382e302f32322d3232203d3e203437353833.roa (raw, json)
Hash identifier:          ImT/UTBpz74fen26JrD+bJx96J0bV0VfvexYPWZQ3gA=
Subject key identifier:   0C:39:6D:3E:45:9C:E2:65:B0:60:C0:66:1C:A3:04:05:FD:77:5A:22
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5F0357911E49DBB4642BEE10421F5BBEF602BDE0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3232203d3e203437353833.roa
Signing time:             Wed 15 May 2024 19:16:09 +0000
ROA not before:           Wed 15 May 2024 19:11:09 +0000
ROA not after:            Wed 14 May 2025 19:16:09 +0000
asID:                     47583
IP address blocks:        195.200.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:03:57:91:1e:49:db:b4:64:2b:ee:10:42:1f:5b:be:f6:02:bd:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 19:11:09 2024 GMT
            Not After : May 14 19:16:09 2025 GMT
        Subject: CN=0C396D3E459CE265B060C0661CA30405FD775A22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2e:7c:d2:25:9f:11:e2:f7:78:17:fa:5f:24:
                    f9:8c:a8:40:18:77:43:aa:71:74:ea:e7:c7:98:d2:
                    8a:1d:b6:ca:4e:ff:7f:7e:6f:ce:96:99:c2:45:ae:
                    d5:b5:ff:47:b3:61:db:6f:a6:ee:b0:0b:4e:ee:8f:
                    c5:f9:49:21:6a:4f:45:b0:c4:34:2a:2c:9f:5d:cc:
                    fb:2a:b6:da:41:5b:df:e8:2a:c9:b3:6f:1d:c0:03:
                    34:44:b2:e0:65:6e:f8:55:02:49:78:c8:cd:96:1a:
                    d7:36:d3:67:7f:00:a7:36:cb:27:8e:c4:54:a2:95:
                    15:50:e3:d3:1b:61:e2:1d:8b:2a:a5:f6:c0:7c:b1:
                    f7:49:47:19:9c:5e:71:42:71:a3:ed:c6:d9:61:5a:
                    6f:28:a2:67:14:89:b2:9b:1f:ec:35:fb:16:46:94:
                    73:8b:50:59:ca:54:b7:21:06:29:35:64:f8:fa:05:
                    94:27:c1:ea:39:6b:3c:6a:11:07:11:81:8a:12:98:
                    ea:e2:12:98:b6:f9:19:a0:12:69:bd:ab:06:f9:ff:
                    67:91:f1:ea:94:da:8e:83:71:2c:4e:22:65:47:11:
                    0e:37:de:3d:ba:e6:7a:c1:1b:54:7d:ea:02:f4:49:
                    75:9c:dc:f1:64:d1:94:c6:37:f1:57:fd:f2:ed:f7:
                    94:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:39:6D:3E:45:9C:E2:65:B0:60:C0:66:1C:A3:04:05:FD:77:5A:22
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3232203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:7b:98:2b:ba:d5:70:b4:1d:38:72:30:2e:6d:fc:bc:73:64:
         59:60:07:4a:83:16:af:94:59:00:8d:9f:77:0f:5e:b6:15:56:
         1a:09:18:9f:8f:d5:bd:1b:2b:56:1e:ec:df:16:10:2e:31:96:
         cf:5c:93:0a:e9:2c:cd:a6:30:65:26:b6:05:2c:da:89:39:8d:
         e0:68:ec:9f:74:02:f4:5b:18:2d:66:57:70:bc:42:6a:c5:f8:
         e8:2c:92:41:60:1f:77:7c:00:db:41:7c:49:aa:3b:d3:8d:b7:
         6c:91:4c:e0:19:3e:38:60:ae:c4:c6:17:e3:1c:c7:15:50:37:
         25:cd:36:64:af:d6:fc:a8:a1:5a:89:de:64:4a:62:12:36:13:
         81:06:8b:88:8b:49:53:2a:be:a1:b7:3d:49:9a:3c:2f:31:45:
         42:8b:ae:93:72:76:f3:ef:a7:27:dd:b5:0a:c4:52:f7:12:49:
         d7:43:11:05:73:51:57:65:4b:ae:1c:9b:63:39:01:ba:f1:fc:
         b4:f9:1d:f5:75:47:f6:d6:e8:80:a8:70:70:a5:bc:38:2c:4d:
         56:5b:5d:b2:a9:03:2c:d6:9d:bf:28:5f:e1:57:02:5a:49:7d:
         a2:ee:a3:e6:c5:f6:6f:af:e1:cc:75:09:be:12:d2:32:0c:a2:
         01:e2:56:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXwNXkR5J27RkK+4QQh9bvvYCveAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTUxOTExMDlaFw0yNTA1MTQxOTE2MDlaMDMxMTAvBgNV
BAMTKDBDMzk2RDNFNDU5Q0UyNjVCMDYwQzA2NjFDQTMwNDA1RkQ3NzVBMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5LnzSJZ8R4vd4F/pfJPmMqEAY
d0OqcXTq58eY0oodtspO/39+b86WmcJFrtW1/0ezYdtvpu6wC07uj8X5SSFqT0Ww
xDQqLJ9dzPsqttpBW9/oKsmzbx3AAzREsuBlbvhVAkl4yM2WGtc202d/AKc2yyeO
xFSilRVQ49MbYeIdiyql9sB8sfdJRxmcXnFCcaPtxtlhWm8oomcUibKbH+w1+xZG
lHOLUFnKVLchBik1ZPj6BZQnweo5azxqEQcRgYoSmOriEpi2+RmgEmm9qwb5/2eR
8eqU2o6DcSxOImVHEQ433j265nrBG1R96gL0SXWc3PFk0ZTGN/FX/fLt95TJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDDltPkWc4mWwYMBmHKMEBf13WiIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMjMwMzAyZTM4
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsPI
CDANBgkqhkiG9w0BAQsFAAOCAQEACHuYK7rVcLQdOHIwLm38vHNkWWAHSoMWr5RZ
AI2fdw9ethVWGgkYn4/VvRsrVh7s3xYQLjGWz1yTCukszaYwZSa2BSzaiTmN4Gjs
n3QC9FsYLWZXcLxCasX46CySQWAfd3wA20F8Sao70423bJFM4Bk+OGCuxMYX4xzH
FVA3Jc02ZK/W/KihWoneZEpiEjYTgQaLiItJUyq+obc9SZo8LzFFQouuk3J28++n
J921CsRS9xJJ10MRBXNRV2VLrhybYzkBuvH8tPkd9XVH9tbogKhwcKW8OCxNVltd
sqkDLNadvyhf4VcCWkl9ou6j5sX2b6/hzHUJvhLSMgyiAeJWnQ==
-----END CERTIFICATE-----